The Hacking Development: New Patterns in Web Application Endeavors and Vulnerabilities Brian Christian, Senior Security

Slide1 l.jpg
1 / 56
1440 days ago, 560 views
PowerPoint PPT Presentation
Google has now actualized blocking Perl.Santy pursuit demands, which ... Perl/Santy.worm [McAfee], PHP/Santy.A.worm [Panda], Perl/Santy-A [Sophos], WORM_SANTY.A [Trend Micro] ...

Presentation Transcript

Slide 1

The Hacking Evolution: New Trends in Web Application Exploits and Vulnerabilities Brian Christian, Senior Security Engineer and Co-Founder, S.P.I Dynamics

Slide 2

Agenda Part 1: Introduction – How on earth did we get to this point? Section 2: Identifying the Problem – How does this stuff happen? Section 3: Key Application Vulnerabilities – Past, present and future Part 4: What Application Security Means to Compliance Efforts and how to alter the issue. Section 5: More data and online assets Part 6: Q&A

Slide 3

Part One Introduction Who We Are - SPI Dynamics basically Application Security - How could we have been able to we get to this point?

Slide 4

We fabricate and permit WebInspect, our industry driving web application security appraisal item, to endeavors, experts, and different foundations, both specifically and by means of worldwide accomplices. We possess the world's driving database of web application security vulnerabilities, SecureBase™. SecureBase is upgraded every now and again by SPI Labs, our U.S.- based research & advancement association. SPI Dynamics The Leader In Web Application Security Assessment

Slide 5

Web Sites Simple, single server arrangements Web Server HTML CGI Browser

Slide 6

Web Applications Very mind boggling models, different stages, numerous conventions Web Services Database Server Customer Identification Access Controls Transaction Information Core Business Data Application Server Business Logic Content administrations Web Servers Presentation Layer Media Store Wireless Browser

Slide 7

Common Web Applications

Slide 8

The Absolute Truth All code has bugs – paying little heed to stage, dialect or application. From a Microsoft to a Mom and Pop's home-prepared application, all code has bugs. A few bugs are usefulness bugs, which are found by QA. Different bugs are security bugs, which to a great extent go unidentified. For whatever length of time that usefulness is the principle objective and not security, there will dependably be vulnerabilities in PC applications.

Slide 9

This is your created application. This is all the stuff that your application should do, however doesn't do. These are Functionality bugs This is all the stuff that your application CAN likewise do, yet you're not mindful of. These are Security vulnerabilities This is your application plan. Why These Thing Happen This is all the stuff that your application should do.

Slide 10

Why Web Application Attacks Occur The Web Application Security Gap Application Developers and QA Professionals Don't Know Security Professionals Don't Know The Applications "As a Network Security Professional, I don't know how my organization's web applications should function so I send a defensive arrangement… however don't know whether it's ensuring what it should." "As an Application Developer, I can manufacture extraordinary elements and capacities while meeting due dates, yet I don't know how to build up my web application because of security."

Slide 11

Web Applications Breach the Perimeter HTTP INTERNET IMAP SSH POP3 FTP TELNET Firewall just permits PORT 80 (or 443 SSL) movement from the web to the web server. Any – Web Server: 80 DMZ Firewall just permits applications on the web server to converse with application server. Web Server Application Server TRUSTED INSIDE Firewall just permits application server to converse with database server. Application Server Database CORPORATE INSIDE

Slide 12

Web Applications Invite Public Access "Today more than 70% of assaults against an organization's site or web application come at the 'Application Layer' not the system or framework layer." - Gartner Group

Slide 13

Web Application Risk "Web application episodes cost organizations more than $320,000,000 in 2001." Forty-four percent (223 respondents) to the 2002 Computer Crime and Security Survey were ready as well as ready to measure their monetary misfortunes. These 223 respondents reported $455,848,000 in budgetary misfortunes. "2002 Computer Crime and Security Survey" Computer Security Institute & San Francisco FBI Computer Intrusion Squad

Slide 14

Part Two Identifying the Problem What are the essential vulnerabilities? How and why they happen

Slide 15

Web Application Vulnerabilities Web application vulnerabilities happen in various zones. Application Parameter Manipulation Cross-Site Scripting SQL Injection Buffer Overflow Reverse Directory Transversal JAVA Decompilation Path Truncation Hidden Web Paths Cookie Manipulation Application Mapping Backup Checking Directory Enumeration Administration Extension Checking Common File Checks Data Extension Checking Backup Checking Directory Enumeration Path Truncation Hidden Web Paths Forceful Browsing Platform Known Vulnerabilities

Slide 16

Cross Site Scripting (or XSS)

Slide 17

Cross Site Scripting (XSS) Cross-webpage scripting (additionally know as XSS or CSS) happens when powerfully created site pages show input that is not property approved. A client passes contribution to the type of a parameter to the web server. The web server gives back the client gave contribution back to the client without legitimate encoding. Once more, a show!

Slide 18

SQL Injection

Slide 19

SQL Injection – Defined SQL infusion is a strategy for abusing web applications that utilization customer provided information in SQL questions without stripping conceivably hurtful characters first. Permit me to illustrate!

Slide 20

Part Three Key Application Vulnerabilities Past, Present and Future Google Hacking

Slide 21

Google Hacking More then looking for incredible pr0n.

Slide 22

Google Hacking Find powerless destinations utilizing Google (Old technique – new life) Example Search Queries "filetype:mdb inurl:admin" – 180 results "Filetype:xls inurl:admin" – 14,100 results "ORA-00921: surprising end of SQL summon" – 3,470 results "allintitle:Netscape Enterprise Server Home Page" – 431 results

Slide 23

Google Hacking Take this strategy above and beyond and utilize it to contract your assault casualties. "inurl:id= filetype:asp site:gov" – 572,000 results "inurl:id= filetype:asp site:com" – 7,150,000 results "inurl:id= filetype:asp site:org" – 3,240,000 results Use this rundown as a standard for recognizing SQL infusion vulnerabilities

Slide 24

Google Hacking Take this technique above and beyond and utilize it to contract your assault casualties. "inurl:id= filetype:asp site:gov" – 572,000 results "inurl:id= filetype:asp site:com" – 7,150,000 results "inurl:id= filetype:asp site:org" – 3,240,000 results Use this rundown as a gauge for distinguishing SQL infusion vulnerabilities

Slide 25

Google Hacking Took 1 hour of coding 500 powerless locales were found in 1 moment and 26 seconds

Slide 26

Google Hacking Application Worm Find next casualty Exploit casualty Exploit casualty

Slide 27

Enter the Santy Worm Perl.Santy is a worm written in Perl script that endeavors to spread to Web servers running variants of the phpBB 2.x notice board programming Viewtopic.PHP PHP Script Injection Vulnerability Other frameworks are not influenced. On the off chance that fruitful, the worm duplicates itself to the server and overwrites the records with the accompanying augmentations: .asp, .htm, .jsp, .php, .phtm, .shtm The worm utilizes the Google internet searcher to discover potential new disease targets. Google has now executed blocking Perl.Santy seek demands, which is required to incredibly decrease the worm's capacity to proliferate and bring down the danger of further contaminations.

Slide 28

Enter the Santy Worm Perl.Santy.A [Computer Associates], Santy [F-Secure], Net-Worm.Perl.Santy.a [Kaspersky], Perl/Santy.worm [McAfee], PHP/Santy.A.worm [Panda], Perl/Santy-A [Sophos], WORM_SANTY.A [Trend Micro] UNIX, LINUX, Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Slide 29

Slide 30

The Past, the Present, and the Future of Hacking How productive could this entire situation be?

Slide 31

Where We've Been – The Past Since most locales were static HTML, not much to do but rather attempt to get root/administrator benefits on the machine or damage the site. This demonstrated for some incredible comic drama.

Slide 32

Where We're At– The Present Since more dynamic and one of a kind substance has been added to sites, and clients request much MORE usefulness with the goal that they can do everything electronically, unreliable substance was included at a sped up pace! Also, clients and administration request considerably more!

Slide 33

Where We're Going– The Future Application hacking is turning out to be more intricate as applications are turning out to be more mind boggling. The potential outcomes are unfathomable when it comes down to what would you be able to misuse in web applications. Take for Instance Application Worms, Web Application Worms.

Slide 34

What Application Security Means to Compliance Efforts How productive could this entire situation be?

Slide 35

Types of Compliance Regulations Privacy HIPPA (Health Insurance Portability and Accountability Act) SOX (The Sarbanes-Oxley Act ) GLBA (Gramm-Leach-Bliley Act) Disclosure CA1386 Federal Trade Commission Privacy Policy Practice PCI

Slide 36

Privacy HIPAA (Health Insurance Portability and Accountability Act) SOX (The Sarbanes-Oxley Act ) GLBA (Gramm-Leach-Bliley Act)

Slide 37

HIPAA The Health Insurance Portability and Accountability Act (HIPAA) commands the security and security of individual wellbeing The Security Rule of the Act prescribes data security best practices to ensure individual data. HIPAA obliges associations to play out a HIPAA security chance appraisal to figure out what applications and information are vulnerab